<?php
// Start (or resume) the session before any output is produced.
session_start();

// File name of the running script, without its directory part.
$page_name = basename($_SERVER['PHP_SELF']);

// NOTE(review): $con, $user_id and the $company_* values used further down are
// not defined in this file; presumably headerstrict.php supplies them and
// enforces the login check - confirm.
include 'headerstrict.php';
?>
<title><?= $company_name ?>, Review A Product</title>
<link rel="stylesheet" type="text/css" href="styles/contact.css">
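<?php
// Purchase gate for the review form: the requested product must exist and must
// appear in one of this user's completed orders, otherwise the request is
// redirected away before the form is rendered.

// Ids of products from this user's completed orders that match the requested
// product. Stays empty when the user has not bought it.
$the_array = array();

// Accept only a plain string for ?product=. An array value (?product[]=x) would
// otherwise reach string-only code below and abort the request with a TypeError.
if (!isset($_GET['product']) || !is_string($_GET['product'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
    exit();
}

// Every query below binds this value as a parameter, so no SQL escaping is
// applied to it (escaping a bound value only corrupts it). It is still
// untrusted request data: it has to be URL-encoded and HTML-encoded wherever
// it is written into the page.
$product_id = $_GET['product'];

// Redirect used when the purchase check fails. The query string is built with
// http_build_query() and the whole URL is HTML-encoded because it lands inside
// an attribute; the raw request value is never concatenated into the markup.
// NOTE(review): failure.php is not shown here - confirm it only follows
// same-site relative targets from `u` and encodes `m` when printing it.
$message = "You must have purchased this item before you can review it.";
$failure_url = 'failure.php?' . http_build_query(array(
    'u' => 'product_details.php?product=' . rawurlencode($product_id),
    'm' => $message,
));
$failure_redirect = '<meta http-equiv="refresh" content="0; url='
    . htmlspecialchars($failure_url, ENT_QUOTES, 'UTF-8') . '">';

// 1. The product has to exist.
$stmt = $con->prepare('SELECT product_title FROM products WHERE product_id=?');
$stmt->bind_param('s', $product_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($product_title);
$numrows = $stmt->num_rows();
if ($numrows < 1) {
    $stmt->close();
    echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
    exit();
}
// Load $product_title, which the page heading prints later.
while ($stmt->fetch()) {
}
$stmt->close();

// 2. Make sure this person has bought the product before: walk every completed
//    order of the user and look for the product among its cart lines.
// NOTE(review): $user_id is not set in this file; presumably headerstrict.php
// derives it from the logged-in session - confirm it can never be influenced
// by request parameters.
$completed = "Completed";
$stmt_sure = $con->prepare('SELECT order_id FROM my_orders WHERE user_id=? AND status=?');
$stmt_sure->bind_param('ss', $user_id, $completed);
$stmt_sure->execute();
$stmt_sure->store_result();
$stmt_sure->bind_result($order_id);
while ($stmt_sure->fetch()) {
    $stmt_or = $con->prepare('SELECT product_id FROM cart_details WHERE order_id=?');
    $stmt_or->bind_param('s', $order_id);
    $stmt_or->execute();
    $stmt_or->store_result();
    $stmt_or->bind_result($product_id_db);
    while ($stmt_or->fetch()) {
        // Exact string match: only the id exactly as stored can pass, so a
        // loosely equal variant of it is never carried into later queries
        // and markup.
        if ((string) $product_id_db === $product_id) {
            $the_array[] = (string) $product_id_db;
        }
    }
    $stmt_or->close();
}
$stmt_sure->close();

// No completed order contains the product (or there are no completed orders).
if (!in_array($product_id, $the_array, true)) {
    //create a session to verify it's coming from here
    $_SESSION["action"] = "true";
    echo $failure_redirect;
    exit();
}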
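// Check whether this user already reviewed the product; if so the form below is
// pre-filled with the stored rating and text so it can be edited.
// The columns are listed by name instead of `SELECT *`, so the positional
// bind_result() call keeps matching even if the table gains or reorders columns.
$stmt_re = $con->prepare(
    'SELECT id, product_id, user_id, review, rating, review_date'
    . ' FROM product_reviews WHERE product_id = ? AND user_id = ?'
);
$stmt_re->bind_param('ss', $product_id, $user_id);
$stmt_re->execute();
$stmt_re->store_result();
$stmt_re->bind_result($review_id, $review_product_id, $review_user_id, $review, $rating, $review_date);
$numrows_re = $stmt_re->num_rows();
if ($numrows_re > 0) {
    // Fetching fills the bound variables; with several rows the last one wins.
    while ($stmt_re->fetch()) {
    }
} else {
    // No earlier review: start with an empty form.
    $rating = 0;
    $review = "";
}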
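// Handle a submitted review: validate it, then insert a new row or update the
// user's existing one, and redirect to the success page.
$msg = '';
$captcha_error = "";
$errors = 0;

if (isset($_POST["send_review"])) {
    // NOTE(review): no anti-CSRF token is verified before this state-changing
    // POST is processed. A per-session token emitted with the form and checked
    // here with hash_equals() would close that gap; it needs a matching change
    // in the form markup, so it is not done in this block.

    // Take the raw values. They are bound as statement parameters below, so
    // SQL escaping is not applied: escaping a bound value stores literal
    // backslashes in the review text.
    $review = (isset($_POST['review']) && is_string($_POST['review'])) ? $_POST['review'] : '';
    $rating = (isset($_POST['rating']) && is_string($_POST['rating'])) ? $_POST['rating'] : '';

    // Server-side copy of the rules the form only states in markup: the rating
    // options are 1-5, both fields are `required`, and the placeholder
    // announces a 240 character limit.
    $review_length = function_exists('mb_strlen') ? mb_strlen($review, 'UTF-8') : strlen($review);
    if (!in_array($rating, array('1', '2', '3', '4', '5'), true)) {
        $errors++;
        $msg = 'Please choose a rating from 1 to 5.';
    } elseif (trim($review) === '') {
        $errors++;
        $msg = 'Please write your review.';
    } elseif ($review_length > 240) {
        $errors++;
        $msg = 'Your review must be 240 characters or fewer.';
    }

    if ($errors == 0) {
        $review_date = date('Y-m-d H:i:s');

        //check if we are inserting or updating
        $stmt_re = $con->prepare('SELECT id FROM product_reviews WHERE product_id = ? AND user_id = ?');
        $stmt_re->bind_param('ss', $product_id, $user_id);
        $stmt_re->execute();
        $stmt_re->store_result();
        $stmt_re->bind_result($review_id);
        $numrows_re = $stmt_re->num_rows();

        if ($numrows_re > 0) {
            // Fetch the id from THIS lookup. Without the fetch the UPDATE would
            // run with whatever $review_id an earlier query happened to leave
            // behind.
            $stmt_re->fetch();
            $stmt = $con->prepare('UPDATE product_reviews SET review = ?,rating = ?, review_date = ? WHERE id = ?');
            $stmt->bind_param('sssi', $review, $rating, $review_date, $review_id);
            $stmt->execute();
            $message = "Your review was successfully edited.";
        } else {
            // id 0 is passed as before; the columns are named so the statement
            // does not depend on the table's physical column order.
            $db_id = 0;
            $stmt = $con->prepare(
                'INSERT INTO product_reviews (id, product_id, user_id, review, rating, review_date)'
                . ' VALUES (?,?,?,?,?,?)'
            );
            $stmt->bind_param('isssss', $db_id, $product_id, $user_id, $review, $rating, $review_date);
            $stmt->execute();
            $message = "Your review was successfully added.";
        }

        //create a session to verify it's coming from here
        $_SESSION["action"] = "true";

        // Build the redirect with encoded parameters and HTML-encode the URL,
        // since it is written into an attribute value.
        // NOTE(review): success.php is not shown here - confirm it only follows
        // same-site relative targets from `u` and encodes `m` when printing it.
        $success_url = 'success.php?' . http_build_query(array(
            'u' => 'product_details.php?product=' . rawurlencode((string) $product_id),
            'm' => $message,
        ));
        echo '<meta http-equiv="refresh" content="0; url='
            . htmlspecialchars($success_url, ENT_QUOTES, 'UTF-8') . '">';
    }
}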
?>
<!-- Start All Title Box -->
<div class="all-title-box">
<div class="container">
<div class="row">
<div class="col-lg-12">
<h2>Review A Product</h2>
<ul class="breadcrumb">
<li class="breadcrumb-item"><a href="#">Home</a></li>
<li class="breadcrumb-item active"> Review A Product </li>
</ul>
</div>
</div>
</div>
</div>
<!-- End All Title Box -->
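<!-- Start Contact Us -->
<?php
// Review form plus the company contact panel.
// Values that originate from the request or from user-written database rows
// ($product_title, $msg, $product_id, $review) are HTML-encoded at the point of
// output; the review text in particular sits inside a <textarea>, where
// unencoded markup would end the element early.
// NOTE(review): the $company_* values are printed as-is; presumably they are
// fixed site settings from the header include - confirm, and encode them too
// if they can be edited through the application.
?>
<div class="contact-box-main">
<div class="container">
<div class="row">
<div class="col-lg-8 col-sm-12">
<div class="contact-form-right">
<h2>Review <?php echo htmlspecialchars((string) $product_title, ENT_QUOTES, 'UTF-8'); ?></h2>
<p>Thank you for taking the time out to review our product. Please fill the form below:</p>
<h2><?php echo htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8'); ?></h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>?product=<?php echo htmlspecialchars(rawurlencode((string) $product_id), ENT_QUOTES, 'UTF-8'); ?>" method="post" id="">
<div class="row">
<div class="col-md-12">
<div class="form-group">
<select name="rating" id="rating" class="form-control" required>
<option value="">Please Choose A Rating</option>
<option value="5" <?php if($rating == "5"){echo"selected";} ?>>5 Stars (I love it!)</option>
<option value="4" <?php if($rating == "4"){echo"selected";} ?>>4 Stars (I like it.)</option>
<option value="3" <?php if($rating == "3"){echo"selected";} ?>>3 Stars (It was just okay).</option>
<option value="2" <?php if($rating == "2"){echo"selected";} ?>>2 Stars (I did not like it.)</option>
<option value="1" <?php if($rating == "1"){echo"selected";} ?>>1 Star (I really did not like it)</option>
</select>
</div>
</div>
<div class="col-md-12">
<div class="form-group">
<textarea class="form-control" id="review" placeholder="Your Review (max 240 Characters)" name='review' rows="4" maxlength="240" data-error="Write your review" required><?php echo htmlspecialchars((string) $review, ENT_QUOTES, 'UTF-8'); ?></textarea>
<div class="help-block with-errors"></div>
</div>
<div class="submit-button text-center">
<button class="btn hvr-hover" id="submit" type="submit" name='send_review'>Submit</button>
<div id="msgSubmit" class="h3 text-center hidden"></div>
<div class="clearfix"></div>
</div>
</div>
</div>
</form>
</div>
</div>
<div class="col-lg-4 col-sm-12">
<div class="contact-info-left">
<h2>CONTACT INFO</h2>
<p>We have dedicated customer satisfaction specialists who are standing by to attend to you.</p>
<ul>
<li>
<p><i class="fas fa-map-marker-alt"></i>Address: <?php echo $company_address; ?></p>
</li>
<li>
<p><i class="fas fa-phone-square"></i>Phone: <a href="tel:<?php echo $company_phone; ?>"><?php echo $company_phone; ?></a></p>
</li>
<li>
<p><i class="fas fa-envelope"></i>Email: <a href="mailto:<?php echo $company_email; ?>"><?php echo $company_email; ?></a></p>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
<!-- End Contact Us -->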
<?php include("footer.php"); ?>